LET’S FACE IT, when it comes to insider threats there’s a lot of information out there, and keeping up with it all can be overwhelming. This case study, though, about an organization that could potentially represent any number of your customers, offers a real-world example of why making the effort is so important.
The organization is a regional hospital whose third-party EMT staff had unlimited access to patient records.
Rumors began circulating that the hospital was selling patient data, mostly because several lawyers in the area seemed to be using private medical histories against people in insurance disputes. Security officers said those same lawyers were always nearby anytime certain types of incidents and cases came into the emergency room. In addition, the IT department noticed that some unauthorized portable devices were reading and writing patient medical files.
IT audited the access logs for people reading patient health records. Cross-referencing that analysis with logs from other systems, IT determined that specific EMTs had been copying data onto flash drives while patients were in transit to the hospital. The EMTs then sold the patients’ personal health information to the lawyers upon arrival at the emergency room.
In response to this discovery, IT created a definition for what “normal” access to patient records looks like and configured the security software to send automated alerts whenever it spotted deviations from that pattern. Additionally, IT blocked the third-party EMT vendor from accessing the patient database without manual approval from hospital staff.
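To make the audit and the alerting rule concrete, here is a small sketch of that cross-referencing in Python. It is an added example, not the hospital's or any vendor's code. The log fields, the sample records, the five-minute window, and the definition of "normal" (a user reads only the records of patients assigned to them) are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names and values are assumptions for illustration.
EHR_READS = [  # (time, user, host, patient_id)
    ("2024-03-01T10:02:00", "emt_a", "ambulance-7", "P100"),
    ("2024-03-01T10:03:30", "emt_a", "ambulance-7", "P214"),
    ("2024-03-01T10:05:00", "emt_b", "ambulance-9", "P300"),
    ("2024-03-01T11:40:00", "nurse_c", "er-desk-2", "P100"),
]
USB_WRITES = [  # (time, user, host, device_id)
    ("2024-03-01T10:04:10", "emt_a", "ambulance-7", "usb-unregistered-01"),
    ("2024-03-01T12:00:00", "emt_b", "ambulance-9", "usb-unregistered-02"),
]
# Assumed baseline of "normal": a user reads only records of patients assigned to them.
ASSIGNMENTS = {"emt_a": {"P100"}, "emt_b": {"P300"}, "nurse_c": {"P100"}}
WINDOW = timedelta(minutes=5)  # assumed correlation window


def parse(ts):
    return datetime.fromisoformat(ts)


def find_alerts(reads, writes, assignments, window=WINDOW):
    """Flag reads outside the baseline or followed by a removable-media write."""
    alerts = []
    for r_time, user, host, patient in reads:
        reasons = []
        # Deviation from the baseline: record does not belong to an assigned patient.
        if patient not in assignments.get(user, set()):
            reasons.append("unassigned_patient")
        # Cross-reference: same user and host wrote to removable media soon after.
        for w_time, w_user, w_host, device in writes:
            delta = parse(w_time) - parse(r_time)
            if (w_user, w_host) == (user, host) and timedelta(0) <= delta <= window:
                reasons.append(f"usb_write:{device}")
        if reasons:
            alerts.append({"user": user, "patient": patient,
                           "time": r_time, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(EHR_READS, USB_WRITES, ASSIGNMENTS):
        print(alert)
```

On the sample data, only the two reads by `emt_a` raise alerts; the later flash-drive write by `emt_b` falls outside the window and would need a separate removable-media policy check.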
So how can you help clients avoid a situation like this? Staying on top of the latest insider threats and countermeasures is a critical part of the answer. Here are three suggestions for keeping yourself informed:
1. Follow the Leaders
Sitting down to read reports and studies is useful but time-consuming. A quicker way to stay informed about insider risks is to tune into the CERT Podcast Series, which features discussions about insider threats by some of the most prominent researchers in cybersecurity. Listening in the morning while you get ready for work will keep you in touch with the newest ideas and insights, so you can take a targeted approach to meeting your clients’ needs.
2. Mind the Regulatory Gaps
Reading up on regulations and requirements can be tedious, but will also help you understand the bare-minimum safeguards you and all your customers should have in place.
Better even than reading the regulations themselves, though, is reading criticism of them. Journalists and experts who write about security will often highlight best practices in the course of pointing out what’s missing in a regulation. An example of this is when the Department of Defense published new procurement requirements designed to mitigate insider threats. Critics said the rules didn’t go far enough, and news coverage of their concerns included specific suggestions on more complete and effective insider threat defenses.
3. Go Vertical
Study up on how businesses in various industries defend against insider risks, and use what they do as a baseline for what your clients should be doing. Make this a weekly process to track any shifts and trends. You’ll not only have a better grasp of what’s happening in your customers’ industries, but also learn about potentially useful ideas from companies in other industries. You’ll also gradually build up a library of ideas to draw upon when educating your clients about insider threats. A great resource for current practices and compliance information in healthcare, for example, is the HIPAA Journal.
While there are a variety of ways you could try to stay up to date on insider security, these are some of the most accessible means to get up to speed fast on what’s the ideal, what’s the minimum, and what’s the norm.
ISAAC KOHEN is the founder and CEO of Teramind, an employee monitoring and insider threat prevention platform that detects, records, and prevents malicious user behavior. Isaac can be reached at [email protected].